diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 56eb3efb..a472d470 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -1,8 +1,10 @@ name: Release Mondoo Container Image on: + release: + types: [released] workflow_dispatch: - workflow_call: + jobs: build_container: @@ -128,3 +130,4 @@ jobs: mondoo/client:${{ steps.version.outputs.version }}-ubi-rootless mondoo/client:${{ steps.semver.outputs.major }}-ubi-rootless mondoo/client:latest-ubi-rootless + diff --git a/.github/workflows/pkg_arch-aur.yaml b/.github/workflows/pkg_arch-aur.yaml index e26b8244..6ce794db 100644 --- a/.github/workflows/pkg_arch-aur.yaml +++ b/.github/workflows/pkg_arch-aur.yaml @@ -1,18 +1,6 @@ -name: "PKG: Archlinux AUR Release" +name: 'PKG: Archlinux AUR Release' on: - workflow_call: - inputs: - version: - description: "Version to release" - required: true - default: "8.0.0" - type: string - skip: - description: "Skip release" - required: false - default: false - type: boolean workflow_dispatch: inputs: version: @@ -25,19 +13,26 @@ on: required: false default: false type: boolean + release: + types: [published] jobs: setup: runs-on: ubuntu-latest - name: "Unify Inputs" + name: 'Unify Inputs' outputs: version: ${{ steps.version.outputs.version }} steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Set Version + - name: Set Version (Workflow Dispatch) + if: github.event_name == 'workflow_dispatch' run: | echo VERSION=${{ inputs.version }} >> $GITHUB_ENV + - name: Set Version (Release Event) + if: github.event_name == 'release' + run: | + echo VERSION=${{ github.event.release.tag_name }} >> $GITHUB_ENV - name: Unified Version id: version run: | @@ -55,7 +50,7 @@ jobs: update-pkgs: runs-on: ubuntu-latest - name: "Generate & Locally Commit PKGBUILDs" + name: 'Generate & Locally Commit PKGBUILDs' needs: setup steps: - name: Checkout 
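Review bot: The new "Set Version (Release Event)" step in pkg_arch-aur.yaml (hunk `@@ -25,19 +13,26 @@`) expands `${{ github.event.release.tag_name }}` straight into the `run:` script. The tag text therefore becomes part of the shell command and of the line written to `$GITHUB_ENV` before any validation runs. Tag names may contain shell metacharacters, and later jobs in this workflow publish with `secrets.AUR_SSH_PRIVATE_KEY`, so the value should be treated as untrusted input. Pass it through the environment instead: add `env:` with `RELEASE_TAG: ${{ github.event.release.tag_name }}` to the step and write `echo "VERSION=$RELEASE_TAG" >> "$GITHUB_ENV"`. The same pattern is added in pkg_chocolatey.yaml, pkg_macos.yaml, pkg_msi.yaml and release_mondoo_pkgs.yaml, and the existing `inputs.version` steps would benefit from the same treatment.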
@@ -63,12 +58,12 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: ">=1.17.0" + go-version: '>=1.17.0' - name: Execute generator (make update) run: | cd packages/archlinux make update - - name: "DEBUG: Show generated package versions" + - name: 'DEBUG: Show generated package versions' run: | cd packages/archlinux echo "cnquery: $(cat cnquery/PKGBUILD | grep orignalVersion=)" @@ -84,7 +79,7 @@ jobs: commit_email: ${{ secrets.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} commit_message: ${{ needs.setup.outputs.version }} - force_push: "true" + force_push: 'true' - name: Publish cnspec AUR package if: ${{ !inputs.skip }} uses: KSXGitHub/github-actions-deploy-aur@v2.7.1 @@ -95,7 +90,7 @@ jobs: commit_email: ${{ secrets.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} commit_message: ${{ needs.setup.outputs.version }} - force_push: "true" + force_push: 'true' - name: Publish mondoo AUR package if: ${{ !inputs.skip }} uses: KSXGitHub/github-actions-deploy-aur@v2.7.1 @@ -106,8 +101,9 @@ jobs: commit_email: ${{ secrets.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} commit_message: ${{ needs.setup.outputs.version }} - force_push: "true" - assets: packages/archlinux/mondoo/mondoo.sh + force_push: 'true' + assets: + packages/archlinux/mondoo/mondoo.sh packages/archlinux/mondoo/LICENSE.html packages/archlinux/mondoo/OSS-LICENSES.tar.xz - packages/archlinux/mondoo/mondoo.service + packages/archlinux/mondoo/mondoo.service \ No newline at end of file diff --git a/.github/workflows/pkg_chocolatey.yaml b/.github/workflows/pkg_chocolatey.yaml index f1de41c5..c0dae043 100644 --- a/.github/workflows/pkg_chocolatey.yaml +++ b/.github/workflows/pkg_chocolatey.yaml 
@@ -1,13 +1,6 @@ -name: "PKG: Chocolatey NuGet Release" +name: 'PKG: Chocolatey NuGet Release' on: - workflow_call: - inputs: - version: - description: "Version to release" - required: true - type: string - default: "8.0.0" workflow_dispatch: inputs: version: @@ -15,6 +8,8 @@ on: required: true type: string default: "8.0.0" + release: + types: [published] jobs: chocotize: @@ -24,10 +19,15 @@ jobs: - name: Checkout uses: actions/checkout@v4 # Determine which version should be released based on event type - - name: Set Version + - name: Set Version (Workflow Dispatch) shell: bash + if: github.event_name == 'workflow_dispatch' run: | echo VERSION=${{ inputs.version }} >> $GITHUB_ENV + - name: Set Version (Release Event) + if: github.event_name == 'release' + run: | + echo VERSION=${{ github.event.release.tag_name }} >> $GITHUB_ENV - name: Unified Version id: version shell: bash @@ -64,3 +64,4 @@ jobs: done echo 'Go check for the moderation status:' echo 'Mondoo Moderation Queue: https://community.chocolatey.org/packages?q=tag%3Amondoo&moderatorQueue=true&moderationStatus=all-statuses&prerelease=false&sortOrder=relevance' + diff --git a/.github/workflows/pkg_macos.yaml b/.github/workflows/pkg_macos.yaml index aabc8722..a36e528b 100644 --- a/.github/workflows/pkg_macos.yaml +++ b/.github/workflows/pkg_macos.yaml 
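Review bot: `types: [published]` in hunk `@@ -15,6 +8,8 @@` also fires when a pre-release is published, whereas build_container.yml, pkg_macos.yaml, release_mondoo_pkgs.yaml and update-version.yml in this same change use `types: [released]`, which does not. As written, publishing a pre-release would start the Chocolatey release, and with the same trigger the AUR release in pkg_arch-aur.yaml and the MSI pipeline in pkg_msi.yaml, while the other channels stay untouched. If that split is not intended, use `types: [released]` in all three files; if it is intended, a comment above the trigger saying so would prevent a later "fix".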
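Review bot: The added "Set Version (Release Event)" step in hunk `@@ -24,10 +19,15 @@` has no `shell: bash`, while the dispatch step above it and the "Unified Version" step below it both declare one. The job's `runs-on` is outside this hunk; if it is a Windows runner, the default shell is PowerShell, where `>> $GITHUB_ENV` does not refer to the environment file, so `VERSION` would not be set on release events. Add `shell: bash` to the new step so both version steps run under the same shell.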
@@ -1,52 +1,40 @@ -name: "PKG: macOS Universal pkg Release" +name: 'PKG: macOS Universal pkg Release' on: - workflow_call: - inputs: - version: - description: "Package Version" - required: true - default: "0.0.1" - type: string - name: - description: "Package Name" - required: false - default: "mondoo" - type: string - skip-publish: - description: "Skip publish?" - required: false - default: false - type: boolean workflow_dispatch: inputs: version: - description: "Package Version" + description: 'Package Version' required: true - default: "0.0.1" - type: string + default: '0.0.1' name: - description: "Package Name" + description: 'Package Name' required: false - default: "mondoo" - type: string + default: 'mondoo' skip-publish: - description: "Skip publish?" + description: 'Skip publish?' required: false default: false type: boolean + release: + types: [released] jobs: pkg: - name: "Packaging: Mac" + name: 'Packaging: Mac' runs-on: macos-latest steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Set Version + - name: Set Version (Workflow Dispatch) + if: github.event_name == 'workflow_dispatch' run: | echo VERSION=${{ inputs.version }} >> $GITHUB_ENV + - name: Set Version (Release Event) + if: github.event_name == 'release' + run: | + echo VERSION=${{ github.event.release.tag_name }} >> $GITHUB_ENV - name: Unified Version id: version run: | @@ -101,7 +89,7 @@ jobs: appstore-connect-username: ${{ secrets.APPLE_ACCOUNT_USERNAME }} appstore-connect-password: ${{ secrets.APPLE_ACCOUNT_PASSWORD }} appstore-connect-team-id: ${{ secrets.APPLE_ACCOUNT_TEAM_ID }} - primary-bundle-id: "com.${{ steps.version.outputs.name }}.client" + primary-bundle-id: 'com.${{ steps.version.outputs.name }}.client' - name: "Staple Release Build" uses: mondoohq/xcode-staple@v1 with: @@ -115,7 +103,7 @@ jobs: retention-days: 30 publish: - name: "Publish: Releases" + name: 'Publish: Releases' needs: pkg if: ${{ ! inputs.skip-publish }} runs-on: ubuntu-latest 
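Review bot: On `release` events `inputs.name` is empty, because the `default: 'mondoo'` under `workflow_dispatch` in hunk `@@ -1,52 +1,40 @@` applies only to manual runs, so anything derived from it needs an explicit fallback. The body of "Unified Version" is outside this hunk, but `steps.version.outputs.name` later feeds `primary-bundle-id: 'com.${{ steps.version.outputs.name }}.client'`; if that output is taken from `inputs.name`, a release-triggered run would produce `com..client`. A fallback where the name is read, such as `${{ inputs.name || 'mondoo' }}`, would cover both triggers. pkg_msi.yaml has the same shape, where the `setup` job exports `name: ${{ steps.version.outputs.name }}`.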
@@ -145,11 +133,11 @@ jobs: echo "PKG=$PKG" >> $GITHUB_ENV echo "VERSION=${VERSION}" >> $GITHUB_ENV - name: Authenticate with Google Cloud - uses: "google-github-actions/auth@v2" + uses: 'google-github-actions/auth@v2' with: - credentials_json: "${{secrets.GCP_CREDENTIALS}}" - - name: "Set up Cloud SDK" - uses: "google-github-actions/setup-gcloud@v2" + credentials_json: '${{secrets.GCP_CREDENTIALS}}' + - name: 'Set up Cloud SDK' + uses: 'google-github-actions/setup-gcloud@v2' - name: Verify access to release bucket run: | gsutil ls gs://releases-us.mondoo.io/mondoo diff --git a/.github/workflows/pkg_msi.yaml b/.github/workflows/pkg_msi.yaml index 97ca4ffe..c7574d36 100644 --- a/.github/workflows/pkg_msi.yaml +++ b/.github/workflows/pkg_msi.yaml 
@@ -1,53 +1,41 @@ -name: "PKG: Microsoft Software Installer (MSI)" +name: 'PKG: Microsoft Software Installer (MSI)' on: - workflow_call: - inputs: - version: - description: "Package Version" - required: true - default: "0.0.1" - type: string - name: - description: "Package Name" - required: false - default: "mondoo" - type: string - skip-publish: - description: "Skip publish?" - required: false - default: false - type: boolean workflow_dispatch: inputs: version: - description: "Package Version" + description: 'Package Version' required: true - default: "0.0.1" - type: string + default: '0.0.1' name: - description: "Package Name" + description: 'Package Name' required: false - default: "mondoo" - type: string + default: 'mondoo' skip-publish: - description: "Skip publish?" + description: 'Skip publish?' required: false default: false type: boolean + release: + types: [published] jobs: setup: - name: "Setup" + name: 'Setup' runs-on: ubuntu-latest outputs: version: ${{ steps.version.outputs.version }} trimmed-version: ${{ steps.version.outputs.trimmed_version }} name: ${{ steps.version.outputs.name }} steps: - - name: Set Version + - name: Set Version (Workflow Dispatch) + if: github.event_name == 'workflow_dispatch' run: | echo VERSION=${{ inputs.version }} >> $GITHUB_ENV + - name: Set Version (Release Event) + if: github.event_name == 'release' + run: | + echo VERSION=${{ github.event.release.tag_name }} >> $GITHUB_ENV - name: Unified Version id: version run: | 
@@ -68,8 +56,9 @@ jobs: curl -sL --head --fail https://github.com/mondoohq/cnquery/releases/download/v${{ steps.version.outputs.version }}/cnquery_${{ steps.version.outputs.version }}_windows_amd64.zip curl -sL --head --fail https://github.com/mondoohq/cnspec/releases/download/v${{ steps.version.outputs.version }}/cnspec_${{ steps.version.outputs.version }}_windows_amd64.zip + dist-prepare: - name: "Prepare Distribution for Packaging" + name: 'Prepare Distribution for Packaging' runs-on: ubuntu-latest needs: setup steps: @@ -94,10 +83,11 @@ jobs: name: dist path: dist + msi-build: - name: "Packaging: Windows MSI" + name: 'Packaging: Windows MSI' runs-on: windows-latest - needs: [setup, dist-prepare] + needs: [ setup, dist-prepare ] # For Version: ${{ needs.setup.outputs.version }} steps: - name: Checkout repository @@ -178,8 +168,8 @@ jobs: path: dist/ publish: - name: "Publish: Releases" - needs: [setup, msi-build] + name: 'Publish: Releases' + needs: [setup,msi-build] if: ${{ ! inputs.skip-publish }} runs-on: ubuntu-latest steps: @@ -192,11 +182,11 @@ jobs: path: dist - name: Authenticate with Google Cloud id: gauth - uses: "google-github-actions/auth@v2" + uses: 'google-github-actions/auth@v2' with: - credentials_json: "${{secrets.GCP_CREDENTIALS}}" - - name: "Set up Cloud SDK" - uses: "google-github-actions/setup-gcloud@v2" + credentials_json: '${{secrets.GCP_CREDENTIALS}}' + - name: 'Set up Cloud SDK' + uses: 'google-github-actions/setup-gcloud@v2' - name: Verify access to release bucket env: VERSION: ${{ needs.setup.outputs.version }} @@ -226,3 +216,4 @@ jobs: - name: Cleanup run: | rm -f "${{ steps.gauth.outputs.credentials_file_path }}" + diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index b4efe0bf..00000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,120 +0,0 @@ -name: Run Release Workflows - -on: - release: - types: [released] - workflow_dispatch: - inputs: - version: - description: "Version that should be released" - required: true - default: "1.2.3" - type: string - -jobs: - get-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.version.outputs.version }} - steps: - - name: Get Version (Workflow Dispatch) - if: github.event_name == 'workflow_dispatch' - run: | - echo VERSION=${{ inputs.version }} >> $GITHUB_ENV - - name: Get Version (Release Event) - if: github.event_name == 'release' - run: | - echo VERSION=${{ github.event.release.tag_name }} >> $GITHUB_ENV - - name: Set Version - id: version - run: | - echo "version=$VERSION" >> $GITHUB_OUTPUT - - create-release: - runs-on: ubuntu-latest - needs: get-version - if: github.event_name == 'workflow_dispatch' - steps: - - name: Create release - uses: softprops/action-gh-release@v2 - with: - name: ${{ inputs.version }} - tag_name: ${{ inputs.version }} - - release_mondoo_pkgs: - name: Trigger release_mondoo_pkgs workflow - uses: ./.github/workflows/release_mondoo_pkgs.yaml - needs: get-version - with: - version: ${{ needs.get-version.outputs.version }} - - update-version: - name: Trigger update-version workflow - uses: ./.github/workflows/update-version.yml - needs: get-version - with: - version: ${{ needs.get-version.outputs.version }} - - build_container: - name: Trigger build_container workflow - uses: ./.github/workflows/build_container.yml - - pkg_macos: - name: Trigger pkg_macos workflow - uses: ./.github/workflows/pkg_macos.yaml - needs: get-version - with: - version: ${{ needs.get-version.outputs.version }} - - pkg_arch-aur: - name: Trigger pkg_arch-aur workflow - uses: ./.github/workflows/pkg_arch-aur.yaml - needs: get-version - with: - version: ${{ needs.get-version.outputs.version }} - - pkg_chocolatey: - name: Trigger pkg_chocolatey workflow - uses: ./.github/workflows/pkg_chocolatey.yaml - needs: get-version - with: - version: 
${{ needs.get-version.outputs.version }} - - pkg_msi: - name: Trigger pkg_msi workflow - uses: ./.github/workflows/pkg_msi.yaml - needs: get-version - with: - version: ${{ needs.get-version.outputs.version }} - - test_install_sh: - name: Trigger pkg_msi workflow - uses: ./.github/workflows/test_install_sh.yml - needs: update-version - - test-released-all: - name: Trigger test-released-all workflow - uses: ./.github/workflows/test-released-all.yaml - with: - version: ${{ needs.get-version.outputs.version }} - needs: - - get-version - - release_mondoo_pkgs - - build_container - - pkg_macos - - pkg_arch-aur - - pkg_chocolatey - - pkg_msi - - test_install_sh - - integration-tests: - name: Trigger integration test workflow - runs-on: ubuntu-latest - needs: - - get-version - - test-released-all - steps: - - name: Run integration test workfow - env: - GH_TOKEN: ${{ secrets.REPO_API_TOKEN }} - run: gh workflow run test.yaml --repo "mondoohq/integration-test" --field version=${{ needs.get-version.outputs.version }} diff --git a/.github/workflows/release_mondoo_pkgs.yaml b/.github/workflows/release_mondoo_pkgs.yaml index 58caa7a9..c2f3fcac 100644 --- a/.github/workflows/release_mondoo_pkgs.yaml +++ b/.github/workflows/release_mondoo_pkgs.yaml @@ -1,13 +1,14 @@ name: "Build & Release mondoo Meta-Package" on: - workflow_call: + release: + types: [released] + workflow_dispatch: inputs: version: - description: "Version that should be released" + description: 'Version that should be released' required: true - default: "1.2.3" - type: string + default: '1.2.3' jobs: build-mondoo-payloads: 
@@ -17,9 +18,14 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Set Version + - name: Version from Workflow Dispatch + if: github.event_name == 'workflow_dispatch' run: | echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV + - name: Version from Release Tag + if: github.event_name == 'release' + run: | + echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV - name: Unify and Validate Version id: version run: | @@ -38,12 +44,12 @@ jobs: run: | sudo apt update && sudo apt install -y rpm gpg - name: Authenticate with GCloud - uses: "google-github-actions/auth@v2" + uses: 'google-github-actions/auth@v2' with: - credentials_json: "${{ secrets.GCP_CREDENTIALS }}" + credentials_json: '${{ secrets.GCP_CREDENTIALS }}' - name: Setup GCloud SDK - uses: "google-github-actions/setup-gcloud@v2" + uses: 'google-github-actions/setup-gcloud@v2' - name: Download Signing Keys env: @@ -84,8 +90,8 @@ jobs: repository: "mondoohq/releasr" event-type: reindex client-payload: '{ - "reindex-path": "mondoo/${{ steps.version.outputs.version }}", - "bucket": "releases-us.mondoo.io" + "reindex-path": "mondoo/${{ steps.version.outputs.version }}", + "bucket": "releases-us.mondoo.io" }' - name: Create Artifacts @@ -106,8 +112,17 @@ jobs: - uses: actions/checkout@v4 - name: Repository Dispatch (Workflow Dispatch) uses: peter-evans/repository-dispatch@v3 + if: github.event_name == 'workflow_dispatch' with: token: ${{ secrets.REPO_API_TOKEN }} repository: ${{ matrix.repo }} event-type: update client-payload: '{"version": "${{ needs.build-mondoo-payloads.outputs.version }}"}' + - name: Repository Dispatch (Release) + uses: peter-evans/repository-dispatch@v3 + if: github.event_name == 'release' + with: + token: ${{ secrets.REPO_API_TOKEN }} + repository: ${{ matrix.repo }} + event-type: update + client-payload: '{"version": "${{ needs.build-mondoo-payloads.outputs.version }}"}' \ No newline at end of file 
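Review bot: The added "Repository Dispatch (Release)" step in hunk `@@ -106,8 +112,17 @@` is identical to the existing dispatch step apart from its `if:`, and the workflow now triggers only on `release` and `workflow_dispatch`, so the two conditions together are always true. One unconditional step would behave the same and keep the call that carries `secrets.REPO_API_TOKEN` in a single place to review and update. While editing it, consider pinning `peter-evans/repository-dispatch` to a full commit SHA rather than the mutable `@v3` tag, since the action receives that token.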
diff --git a/.github/workflows/test-released-all.yaml b/.github/workflows/test-released-all.yaml index 74595f82..699713e3 100644 --- a/.github/workflows/test-released-all.yaml +++ b/.github/workflows/test-released-all.yaml @@ -1,20 +1,12 @@ name: "Test Release: ALL - Trigger Release Build Tests" on: - workflow_call: - inputs: - version: - description: "Version to test" - required: true - default: "9.0.0" - type: string workflow_dispatch: inputs: version: description: "Version to test" required: true default: "9.0.0" - type: string jobs: test-arch: diff --git a/.github/workflows/test_install_sh.yml b/.github/workflows/test_install_sh.yml index 87e8d31a..7fa78217 100644 --- a/.github/workflows/test_install_sh.yml +++ b/.github/workflows/test_install_sh.yml @@ -1,13 +1,16 @@ name: Test Mondoo Releases with Container Builds on: - workflow_call: + workflow_run: + workflows: ['Update Release Version'] # runs after release + types: + - completed workflow_dispatch: push: branches: - main paths: - - "install.sh" + - 'install.sh' jobs: build_container: @@ -54,4 +57,4 @@ jobs: env: DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} with: - args: ":warning: Mondoo install failed in test container! (https://github.com/mondoohq/installer/actions/workflows/test_with_container_build.yml)" + args: ':warning: Mondoo install failed in test container! (https://github.com/mondoohq/installer/actions/workflows/test_with_container_build.yml)' diff --git a/.github/workflows/update-version.yml b/.github/workflows/update-version.yml index 1fe2a156..e3f76cc3 100644 --- a/.github/workflows/update-version.yml +++ b/.github/workflows/update-version.yml 
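Review bot: After `workflow_call` is removed from test-released-all.yaml, this workflow can only be started by hand, and the `release.yml` that used to call it once every packaging job had finished is deleted in the same change. Nothing in the visible diff re-adds an automatic trigger for it or for the cross-repository integration-test dispatch, so releases would ship without the post-release install checks unless someone runs them manually. If that is intended, state it in the commit description; otherwise add a trigger, for example `workflow_run` on the packaging workflows, and a way to derive the version for non-manual runs.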
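Review bot: The `workflow_run` trigger with `types: [completed]` in test_install_sh.yml fires whether "Update Release Version" succeeded, failed or was cancelled, so these install tests, and the Discord alert at the end of the file, can run against a release whose version bump never landed. The job definitions start outside this hunk; on the first job add `if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}` so the `push` and manual triggers are unaffected. `workflow_run` also matches on the other workflow's `name:`, so renaming `name: Update Release Version` in update-version.yml would silently disconnect this trigger; a comment next to the `workflows:` list would make that coupling visible.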
@@ -1,20 +1,14 @@ name: Update Release Version on: - workflow_call: - inputs: - version: - description: "Version that should be released" - required: true - default: "1.2.3" - type: string + release: + types: [released] workflow_dispatch: inputs: version: - description: "Version that should be released" + description: 'Version that should be released' required: true - default: "1.2.3" - type: string + default: '1.2.3' jobs: update-version: @@ -23,10 +17,10 @@ jobs: - name: checkout uses: actions/checkout@v4 with: - ref: "main" + ref: 'main' fetch-depth: 0 - name: Version from Workflow Dispatch - if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' + if: github.event_name == 'workflow_dispatch' run: | V=$(echo ${{ github.event.inputs.version }} | sed 's/v//g') echo "VERSION=${V}" >> $GITHUB_ENV